Security Updates

on 13th March 2018 / by
Kraftwagen is an Open Source deployment tool which is built entirely on top of Drush. Kraftwagen makes Drupal “easy to use” for developers, who customize Drupal extensively, need staged deployments and use version control systems to collaborate. It provides a set of commands for 'drush make' based Drupal development workflow. Benefits of using Kraftwagen for security updates By using Kraftwagen to deploy security updates, the benefits are multifold, which include Kraftwagen stores configuration as code in version control as opposed to other methods which store it in a database. No need of copying files to project instead refer to external code resources (Drupal core, contrib modules and external libraries). This means that your project repository is very slim. Effective single command deployment to multiple deploy targets (Development, Staging, Production). Deploying Security Updates to Drupal 7 Site Usually deploying security updates to Drupal 7 project can be a painful process. Basic Drupal 7 site update workflow is as follows: Backup database. Backup codebase. Download newer version of modules or make use of drush command drush up. Manually investigate if the modules have been hacked or patched. Then for database changes, run update.php in browser. But with Kraftwagen this whole process becomes easier. All Drupal 7 core and contrib projects are saved by just version number in a .make file. Everything will be downloaded at the time of site building. This itself makes updating process easier since we only need to update version number in our .make file and rebuild the site. Steps to Deploy using Kraftwagen Update version number in .make file. Build site using command drush kw-build. Conclusion So it is very evident that deployment to a Drupal 7 site through Kraftwagen put developers at ease with an otherwise hectic process. This is for more serious developers who crave for some single trigger deployment unlike other file transfer or dashboard based deploy environment. Deploying with Kraftwagen helps keep your git repo simple and slim. Security Updates Drupal 7 Kraftwagen Leave a reply Your email address will not be published. Required fields are marker *

on 30th May 2013 / by Anoop John
Maintaining a Drupal site is not just about managing the content on the site and administering users and the configuration. An important part of maintaining a Drupal site is in keeping the site updated with the latest security updates released for Drupal core and also for the contributed modules used on the site. Drupal is a very secure platform however this does not mean that a snapshot of the platform from a given point in time is free from all imaginable security loopholes. The security of the platform comes from the fact that there is a large community of people and a crack team of security experts (Drupal Security Team) who are always on the lookout for signs of weaknesses in security in Drupal core or contributed modules. When a security vulnerability is identified by the community or the Drupal Security Team it will be taken care of promptly with the involvement of the Drupal Security Team and patches and a new security release of the module or Drupal core itself is released within a very short period of time from the time the vulnerability is idenitified. Along with the new release there will be a security announcement on the Drupal Security mailing list describing the problem and the fix. Once the new security update for the module or Drupal core is released it would be the responsibility of each Drupal site owner to keep their site updated. Once the update is released and hackers (or rather crackers) are aware of the security vulnerability they will try to scan for the vulnerability in known Drupal sites. If these sites are not kept updated then they expose themselves to a higher risk of their security being breached once a given security update is released than when it has not been released / revealed. Typically on small sites this should not be a big problem because there wouldn't be too many crackers trying to crack into small sites because of ROI from their perspectives. However there would still be spammers and black hat SEO thugs who will try to break into the Drupal site to get access into the site and control the site for spamming or for SEO manipulations for their own sites. As the visibility of a Drupal site increases the exposure to such attempted attacks will increase and the probability of the site being cracked increases when the site is not kept up-to-date. A general recommendation is to update the site with all the security updates as soon as the security updates are released. It is the choice of the site owner to decide whether to run regular updates or not. They are not essential but usually updates that take care of bug fixes are for the better. We will be able to offer our Drupal Maintenance Services to help keep your Drupal site updated on a regular basis without having you worry about keeping on top of the update cycles in Drupal. Get in touch with us to know more. Drupal Drupal Updates Security Updates Leave a reply Your email address will not be published. Required fields are marker *